[pcre-dev] [Bug 2308] New: Possible uninitialized memory usa…

Author: admin
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 2308] New: Possible uninitialized memory usage in optimize_class_chars()
https://bugs.exim.org/show_bug.cgi?id=2308

            Bug ID: 2308
           Summary: Possible uninitialized memory usage in
                    optimize_class_chars()
           Product: PCRE
           Version: 10.31 (PCRE2)
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Code
          Assignee: ph10@???
          Reporter: ppisar@???
                CC: pcre-dev@???


The optimize_class_chars() function in src/pcre2_jit_compile.c defines:

uint16_t char_list[MAX_CLASS_CHARS_SIZE];

then it sets some of its elements and finally checks the zeroth element with
(line 5907 in the latest SVN code):

if (char_list[0] == 0) {}

I'm unable to follow all the code paths that depend on the function arguments,
but char_list[0] can be set only at two places, and the first place depends on
the char_list[k] value, which means there is only one place:

char_list[len++] = (uint16_t) c;

And this happens only if (0 == len == k) && (byte & 0x1), and byte is one of the 32
bits[i]. So it depends on the bits argument.

Are you sure this code is safe? Wouldn't it make sense to always initialize the three
bytes (MAX_CLASS_CHARS_SIZE) of the char_list array?
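As an added illustration (not PCRE2's code, and not from the reporter), here is a reduced model of the pattern described above: a 32-byte class bitmap is turned into a short char_list, and char_list[0] is then tested. The first function leaves the array uninitialized as the report describes; the second applies the zero-initialization the report asks about and also returns len, so an empty class can be told apart from one whose first character is NUL. BITS_BYTES, MAX_CHARS (3, following the report's wording) and the function names are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BITS_BYTES 32  /* 256-bit class bitmap: the 32 bits[i] bytes the report mentions */
#define MAX_CHARS 3    /* stands in for MAX_CLASS_CHARS_SIZE; 3 follows the report's wording */

/* Model of the pattern in the report: the array is not initialized, char_list[0]
 * is written only when the first set bit is found, and char_list[0] is then
 * tested unconditionally. For an all-zero bitmap the final read touches
 * indeterminate stack memory (undefined behaviour). */
static int first_char_is_zero_unsafe(const uint8_t bits[BITS_BYTES])
{
    uint16_t char_list[MAX_CHARS];
    int len = 0;
    for (int i = 0; i < BITS_BYTES && len < MAX_CHARS; i++)
        for (int b = 0; b < 8 && len < MAX_CHARS; b++)
            if (bits[i] & (1u << b))
                char_list[len++] = (uint16_t)(i * 8 + b);
    return char_list[0] == 0; /* reads an unset element when len == 0 */
}

/* Hardened form: zero-initialize the whole array (the fix the report suggests)
 * and hand back len so the caller can distinguish an empty class from a class
 * whose first character really is 0. */
static int first_char_is_zero_safe(const uint8_t bits[BITS_BYTES], int *len_out)
{
    uint16_t char_list[MAX_CHARS] = {0};
    int len = 0;
    for (int i = 0; i < BITS_BYTES && len < MAX_CHARS; i++)
        for (int b = 0; b < 8 && len < MAX_CHARS; b++)
            if (bits[i] & (1u << b))
                char_list[len++] = (uint16_t)(i * 8 + b);
    *len_out = len;
    return char_list[0] == 0;
}

int main(void)
{
    uint8_t bits[BITS_BYTES] = {0}; /* constructed bitmap: empty class */
    int len;
    printf("empty class: safe=%d len=%d\n", first_char_is_zero_safe(bits, &len), len);
    bits[12] = 0x02;                /* constructed bitmap: 'a' (0x61) = byte 12, bit 1 */
    printf("class [a]:   unsafe=%d safe=%d len=%d\n", first_char_is_zero_unsafe(bits),
           first_char_is_zero_safe(bits, &len), len);
    return 0;
}
```

Only the safe variant is called on the empty bitmap; calling the unsafe one there is exactly the indeterminate read the report is asking about, which MemorySanitizer or Valgrind would flag.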
